Wednesday, 2 April 2014

Grails Spring Security Plugin manual login - registration - remember me

The Spring Security plugin is a powerful framework for managing authentication. It can be used out of the box by following its super-easy documentation, but what if you want to implement manual login, registration and rememberMe functionality?
I found that login and registration are quite easy to understand from the plugin guide, while rememberMe was just a little cryptic.

So this is the code I want to share: it is server-side code and it is only an example, so values are hard-coded. This code is for the spring-security-core:2.0-RC2 plugin.

Please refer to the plugin guide for installation and setup.


User registration


This code will create a User instance and save it to the database with the password stored in encoded (hashed) form (for Role creation and assignment please refer to step 7 in the tutorial):

def user = new User()
user.username = "john"
user.password = "secretpassword"   // hard-coded for the example only
user.save()

User login


In your controller, define references to the springSecurityService and passwordEncoder beans via

def springSecurityService
def passwordEncoder

then in your code

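def user = User.findByUsername("john")
// thepasswordtocheck is the clear-text password submitted by the user;
// the null check avoids a NullPointerException when the username is unknown
def isLoggable = user != null && passwordEncoder.isPasswordValid(user.password, thepasswordtocheck, null)

// add this if you want to log the user in; do it only when the password matched
if (isLoggable) {
    springSecurityService.reauthenticate(user.username)
}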

Is the user logged in?


def isLoggedIn = springSecurityService.isLoggedIn()

RememberMe functionality


NOTE: with the spring-security-core:2.0-RC2 version, the property namespace has changed from grails.plugins.springsecurity to grails.plugin.springsecurity (note the dropped 's' in the word plugin); a lot of examples out there refer to the old plugin version.

Set in your Config.groovy:

grails.plugin.springsecurity.rememberMe.alwaysRemember = true

I would also set

grails.plugin.springsecurity.rememberMe.cookieName = 'grails_remember_me'
grails.plugin.springsecurity.rememberMe.key = 'anewrandomkey'

to better secure the token, but that is optional.

Then in your code you have to define a reference to the rememberMeServices bean via

def rememberMeServices

Then you should call rememberMeServices.loginSuccess... well, that is the interface as specified in the code, but that is not working! You have to call rememberMeServices.onLoginSuccess.
This was a critical step; I had to dig a lot to find it!

So the code is:

// run this only after the password has been checked as in the login step above
def user = User.findByUsername("john")
springSecurityService.reauthenticate(user.username)
rememberMeServices.onLoginSuccess(request, response, springSecurityService.getAuthentication())
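
The login and rememberMe steps above put together in one controller action, as an added example that is not part of the original post. The controller name, the request parameter names and the account-flag fields (those of the User class generated by the plugin's quickstart script) are assumptions.

```groovy
class ManualLoginController {   // hypothetical controller name

    def springSecurityService   // beans injected by name, as in the post
    def passwordEncoder
    def rememberMeServices

    // Accept credentials over POST only, so they never end up in a query string.
    static allowedMethods = [login: 'POST']

    def login() {
        String username = params.username      // assumed parameter names
        String rawPassword = params.password
        def user = username ? User.findByUsername(username) : null

        // isPasswordValid(encodedPassword, rawPassword, salt); salt is null as in the post.
        boolean passwordOk = user && rawPassword &&
            passwordEncoder.isPasswordValid(user.password, rawPassword, null)

        // reauthenticate() takes only a username, so nothing in it verifies the
        // password. The account flags are checked explicitly here as well
        // (field names assume the generated User domain class).
        boolean accountOk = user && user.enabled && !user.accountLocked &&
            !user.accountExpired && !user.passwordExpired

        if (!passwordOk || !accountOk) {
            // Same answer for unknown user, wrong password and disabled account,
            // so the response does not reveal which usernames exist.
            render status: 401, text: 'Invalid username or password'
            return
        }

        // Establish the security context only after every check has passed.
        springSecurityService.reauthenticate(user.username)

        // Issue the remember-me cookie only when the client asked for it
        // ('rememberMe' is an assumed request parameter name).
        if (params.boolean('rememberMe')) {
            rememberMeServices.onLoginSuccess(request, response,
                springSecurityService.authentication)
        }

        render 'OK'
    }
}
```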



That's all, hope it can help someone!
Now that you have read my article, I would like to show you another thing: I've developed an app to help increase customer registration and customer conversion.

You can find it at appromocodes.com

3 comments:

  1. Very neat! Thanks for sharing it, I was also wondering how to do manual remember-me handling (as you say, registration and login are more straightforward :).

  2. Very useful Alberto. You saved me a big headache. Thanks!
